Vulnerabilities

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

Dynamics 365 Finance Spoofing Vulnerability

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.<br /> <br /> On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.<br /> <br /> This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.<br /> <br /> In order to identify the current SigPack version, following command can be used:<br /> <br /> user@junos# show security idp security-package-version

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> The process &amp;#39;aftman-bt&amp;#39; will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.<br /> <br /> An indication that the system experienced this issue is the following log message:<br /> <br />   evo-aftmand-bt[]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes<br /> <br /> <br /> <br /> <br /> This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:<br /> 21.2 version 21.2R1-EVO and later versions;<br /> 21.3 version 21.3R1-EVO and later versions;<br /> 21.4 versions prior to 21.4R3-S3-EVO;<br /> 22.1 version 22.1R1-EVO and later versions;<br /> 22.2 versions prior to 22.2R3-S2-EVO;<br /> 22.3 versions prior to 22.3R3-EVO;<br /> 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.<br /> <br /> <br /> <br />

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).<br /> <br /> If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.<br /> <br /> This issue affects Juniper Networks Junos OS on SRX Series:<br /> All versions prior to 20.2R3-S7;<br /> 20.3 version 20.3R1 and later versions;<br /> 20.4 versions prior to 20.4R3-S6;<br /> 21.1 versions prior to 21.1R3-S5;<br /> 21.2 versions prior to 21.2R3-S4;<br /> 21.3 versions prior to 21.3R3-S4;<br /> 21.4 versions prior to 21.4R3-S3;<br /> 22.1 versions prior to 22.1R3-S1;<br /> 22.2 versions prior to 22.2R3;<br /> 22.3 versions prior to 22.3R2;<br /> 22.4 versions prior to 22.4R1-S1, 22.4R2.<br />

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.<br /> <br />

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.<br /> <br /> This issue affects Juniper Networks Junos OS on MX Series:<br /> All versions prior to 19.1R3-S10;<br /> 19.2 versions prior to 19.2R3-S7;<br /> 19.3 versions prior to 19.3R3-S8;<br /> 19.4 versions prior to 19.4R3-S12;<br /> 20.2 versions prior to 20.2R3-S8;<br /> 20.4 versions prior to 20.4R3-S7;<br /> 21.1 versions prior to 21.1R3-S5;<br /> 21.2 versions prior to 21.2R3-S5;<br /> 21.3 versions prior to 21.3R3-S4;<br /> 21.4 versions prior to 21.4R3-S3;<br /> 22.1 versions prior to 22.1R3-S2;<br /> 22.2 versions prior to 22.2R3;<br /> 22.3 versions prior to 22.3R2-S1, 22.3R3;<br /> 22.4 versions prior to 22.4R1-S2, 22.4R2.<br />

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.